PaloAltoNetworks/SafeNetworking

Filter URL messages via logstash

punisherVX opened this issue · 1 comments

The PoC of SFN isn't built to handle the gazillion messages associated with all of the URL info (and most of them are irrelevant anyway). The instructions do say to filter and send only malware, command-and-control, phishing and hacking URLs, but apparently instructions are viewed more as bendable guidelines. So, we need to have Logstash filter these messages so we don't overload the SFN system.

These should be followed via the instructions
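
A sketch of the Logstash-side filter the issue asks for, added here as an example; it is not part of the issue thread or the SafeNetworking code. The field names `log_subtype` and `url_category` are assumptions standing in for whatever the existing parsing stage produces.

```logstash
filter {
  # Assumed field names (hypothetical; rename to match your own parsing stage):
  #   [log_subtype]  - "url" for URL filtering log entries
  #   [url_category] - the URL category the firewall assigned
  if [log_subtype] == "url" {
    if ![url_category] {
      # No category means the event cannot be matched against the allow-list.
      drop { }
    } else {
      # Normalise case and whitespace so "Phishing" or " phishing" still matches.
      mutate {
        lowercase => [ "url_category" ]
        strip     => [ "url_category" ]
      }
      # Keep only the four categories named in the issue; drop every other URL event.
      if [url_category] not in [ "malware", "command-and-control", "phishing", "hacking" ] {
        drop { }
      }
    }
  }
  # Events that are not URL log entries pass through unchanged.
}
```

Place the block after the stage that extracts the fields and before any output, so dropped events never reach the SFN system.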